Add test cases to verify TTL and hop limit decrement with lookaside
IPsec offload.
Signed-off-by: Volodymyr Fialko <vfia...@marvell.com>
Acked-by: Anoob Joseph <ano...@marvell.com>
---
app/test/test_cryptodev.c | 29 +++++++++++++++++++
app/test/test_cryptodev_security_ipsec.c | 37 ++++++++++++++++++++++++
app/test/test_cryptodev_security_ipsec.h | 1 +
3 files changed, 67 insertions(+)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index a63c199964..f6c3cd2b7b 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -9811,6 +9811,27 @@ test_PDCP_PROTO_all(void)
return TEST_SUCCESS;
}
+static int
+test_ipsec_proto_ipv4_ttl_decrement(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags = {
+ .dec_ttl_or_hop_limit = true
+ };
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_ipv6_hop_limit_decrement(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags = {
+ .ipv6 = true,
+ .dec_ttl_or_hop_limit = true
+ };
+
+ return test_ipsec_proto_all(&flags);
+}
+
static int
test_docsis_proto_uplink(const void *data)
{
@@ -14808,6 +14829,14 @@ static struct unit_test_suite ipsec_proto_testsuite =
{
"Tunnel header set DF 1 (inner 0)",
ut_setup_security, ut_teardown,
test_ipsec_proto_set_df_1_inner_0),
+ TEST_CASE_NAMED_ST(
+ "Tunnel header IPv4 decrement inner TTL",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_ipv4_ttl_decrement),
+ TEST_CASE_NAMED_ST(
+ "Tunnel header IPv6 decrement inner hop limit",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_ipv6_hop_limit_decrement),
TEST_CASES_END() /**< NULL terminate unit test array */
}
};
diff --git a/app/test/test_cryptodev_security_ipsec.c
b/app/test/test_cryptodev_security_ipsec.c
index 229eadf5de..77e4ee84cb 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -432,6 +432,9 @@ test_ipsec_td_prepare(const struct crypto_param *param1,
if (flags->df == TEST_IPSEC_COPY_DF_INNER_0 ||
flags->df == TEST_IPSEC_COPY_DF_INNER_1)
td->ipsec_xform.options.copy_df = 1;
+
+ if (flags->dec_ttl_or_hop_limit)
+ td->ipsec_xform.options.dec_ttl = 1;
}
}
@@ -639,6 +642,32 @@ test_ipsec_l4_csum_verify(struct rte_mbuf *m)
return TEST_SUCCESS;
}
+static int
+test_ipsec_ttl_or_hop_decrement_verify(void *received, void *expected)
+{
+ struct rte_ipv4_hdr *iph4_ex, *iph4_re;
+ struct rte_ipv6_hdr *iph6_ex, *iph6_re;
+
+ if (is_ipv4(received) && is_ipv4(expected)) {
+ iph4_ex = expected;
+ iph4_re = received;
+ iph4_ex->time_to_live -= 1;
+ if (iph4_re->time_to_live != iph4_ex->time_to_live)
+ return TEST_FAILED;
+ } else if (!is_ipv4(received) && !is_ipv4(expected)) {
+ iph6_ex = expected;
+ iph6_re = received;
+ iph6_ex->hop_limits -= 1;
+ if (iph6_re->hop_limits != iph6_ex->hop_limits)
+ return TEST_FAILED;
+ } else {
+ printf("IP header version miss match\n");
+ return TEST_FAILED;
+ }
+
+ return TEST_SUCCESS;
+}
+
static int
test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td,
bool silent, const struct ipsec_test_flags *flags)
@@ -728,6 +757,14 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct
ipsec_test_data *td,
memcpy(td_output_text, td->output_text.data + skip, len);
+ if ((td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) &&
+ flags->dec_ttl_or_hop_limit) {
+ if (test_ipsec_ttl_or_hop_decrement_verify(output_text,
td_output_text)) {
+ printf("Inner TTL/hop limit decrement test failed\n");
+ return TEST_FAILED;
+ }
+ }
+
if (test_ipsec_pkt_update(td_output_text, flags)) {
printf("Could not update expected vector");
return TEST_FAILED;
diff --git a/app/test/test_cryptodev_security_ipsec.h
b/app/test/test_cryptodev_security_ipsec.h
index 12a9b77c55..faf2928846 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -74,6 +74,7 @@ struct ipsec_test_flags {
bool fragment;
bool stats_success;
enum df_flags df;
+ bool dec_ttl_or_hop_limit;
};
struct crypto_param {
--
2.25.1
